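<?php
declare(strict_types=1);

/*
 * Student registration / profile edit page.
 *
 *   GET  without ?xh   blank registration form (open to anyone)
 *   GET  with ?xh=ID   edit form pre-filled from the students table; only
 *                      that student or an admin may open it
 *   POST               validate the submitted fields and either insert a new
 *                      student or update the one named by ?xh, then redirect
 *                      to index.php
 *
 * The template below reads $r (field values to show), $hasRight (whether the
 * form is enabled) and $msg (error text, empty on success).
 */
$msg = '';
$r = ['xh' => '', 'name' => '', 'tel' => ''];
$hasRight = false;

// Read a request field as a string; anything missing or not a plain string
// (e.g. xh[]=...) is treated as empty.
$field = static function (array $src, string $key): string {
    $v = $src[$key] ?? null;
    return is_string($v) ? $v : '';
};

try {
    // TODO(security): credentials belong in configuration or the environment,
    // and the application should connect with a dedicated least-privilege
    // account rather than root.
    $db = new PDO(
        'mysql:host=localhost;dbname=db2;charset=utf8mb4',
        'root',
        '123456',
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
    session_start();

    $editXh = $field($_GET, 'xh');              // '' => registration mode
    $sessionUser = $_SESSION['user'] ?? null;   // set by the login flow (not in this file)
    // A record may be edited by its owner or by an administrator.
    $hasRight = is_array($sessionUser)
        && (($sessionUser['xh'] ?? null) === $editXh || !empty($sessionUser['isAdmin']));

    if ($_POST !== []) {
        // Keep the posted values so the form can be re-filled after an error.
        $r = [
            'xh' => $field($_POST, 'xh'),
            'name' => $field($_POST, 'name'),
            'tel' => $field($_POST, 'tel'),
        ];
        $pwd = $field($_POST, 'pwd');
        $pwd2 = $field($_POST, 'pwd2');

        if ($pwd !== $pwd2) {
            throw new Exception('两次输入的密码不一致，请重新输入');
        }
        if ($r['xh'] === '') {
            throw new Exception('注册用户必须填入学号');
        }
        // Compared with '' rather than for truthiness so that a password of "0"
        // is validated instead of being taken as "not supplied".
        if ($pwd !== '') {
            if (preg_match('!^(?=.*?\d)(?=.*?[a-z])(?=.*?[^0-9a-z]).{3,20}$!i', $pwd) !== 1) {
                throw new Exception('密码需要3-20个字符，须同时包含字母、数字及其他字符');
            }
        } elseif ($editXh === '') {
            throw new Exception('注册用户必须输入密码');
        }

        // NOTE(security): pwd is written exactly as submitted, i.e. in clear
        // text. Moving to password_hash()/password_verify() requires the login
        // script (not shown here) to change at the same time.
        if ($editXh !== '') {
            if (!$hasRight) {
                throw new Exception('Sorry,你没有修改的权限。');
            }
            if ($pwd === '') {
                // Blank password means "keep the stored one": leave the column
                // untouched instead of copying the editing user's own password
                // onto whichever record is being edited.
                $ps = $db->prepare('update students set xh=?,name=?,tel=? where xh=?');
                $ps->execute([$r['xh'], $r['name'], $r['tel'], $editXh]);
            } else {
                $ps = $db->prepare('update students set xh=?,name=?,tel=?,pwd=? where xh=?');
                $ps->execute([$r['xh'], $r['name'], $r['tel'], $pwd, $editXh]);
            }
            if (is_array($sessionUser) && ($sessionUser['xh'] ?? null) === $editXh) {
                // The user edited their own record: refresh the session copy
                // without dropping keys the login flow stored (e.g. isAdmin).
                $_SESSION['user'] = array_merge($sessionUser, $r, $pwd !== '' ? ['pwd' => $pwd] : []);
            }
        } else {
            // Registration: a single insert carrying the (validated) password.
            $ps = $db->prepare('insert into students (xh,name,tel,pwd) values (?,?,?,?)');
            $ps->execute([$r['xh'], $r['name'], $r['tel'], $pwd]);
        }
        header('Location: index.php');
        return;
    }

    if ($editXh !== '') {
        // Authorise before touching the table so an unauthorised caller cannot
        // tell whether a given student number exists.
        if (!$hasRight) {
            throw new Exception('Sorry,你没有修改的权限。');
        }
        // Only the columns the form shows; the stored password never reaches the page.
        $ps = $db->prepare('select xh,name,tel from students where xh = ?');
        $ps->execute([$editXh]);
        $row = $ps->fetch();
        if ($row === false) {
            throw new Exception('找不到要修改的纪录');
        }
        $r = $row;
    } else {
        // Registration is open to everyone.
        $hasRight = true;
    }
} catch (PDOException $e) {
    // Driver/SQL details stay in the server log, not in the page.
    error_log('student form: ' . $e->getMessage());
    $msg = '数据库操作失败，请稍后重试';
} catch (Throwable $e) {
    $msg = $e->getMessage();
}
?>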
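<?php
// Presentation helpers for the form below. Every dynamic value goes through
// $h so that record contents or error text cannot inject markup, and the
// enabled/disabled state is computed once instead of per input.
$h = static function ($v): string {
    return htmlspecialchars((string) ($v ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
$disabled = !empty($hasRight) ? '' : 'disabled';
// Same branch as the controller above: a non-empty ?xh selects edit mode.
$heading = ((($_GET['xh'] ?? '') !== '') ? '修改' : '注册') . '新用户';
$pwdHint = isset($_GET['xh']) && empty($msg)
    ? '留空将不会修改原来的密码'
    : '3-20个字符，须同时包含字母、数字及其他字符';
?>
<!doctype html>
<html lang="zh">
<head>
    <meta charset="UTF-8">
    <title><?=$h($heading)?></title>
    <style>
        h1{
            color:red;
        }
        input{
            padding: 10px;
            margin:6px;
            border-radius: 6px;
        }
        .msg{
            color:red;
            margin: 20px 0;
        }
    </style>
</head>
<body>
<h1><?=$h($heading)?></h1>
<form method="post">
    学号：<input type="text" name="xh" value="<?=$h($r['xh'] ?? null)?>" <?=$disabled?>><br>
    姓名：<input type="text" name="name" value="<?=$h($r['name'] ?? null)?>" <?=$disabled?>><br>
    电话：<input type="text" name="tel" value="<?=$h($r['tel'] ?? null)?>" <?=$disabled?>><br>
    密码：<input type="password" name="pwd" <?=$disabled?>><b><?=$h($pwdHint)?></b><br>
    重复密码：<input type="password" name="pwd2" <?=$disabled?>><br>
    <div class="msg"><?=$h($msg ?? null)?></div>
    <input type="submit" value="提交数据" <?=$disabled?>>
</form>
</body>
</html>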